Security Considerations

Passwords

In today’s business world ICT plays a fundamental part. With every system there is the basic security of a username and password. Now while most of the usernames that you use will most likely be different, do you tend to use the one password or do you have several?

Having one password for all your ICT access is not recommended. Imagine for a moment that your password has been guessed or hacked. It can then be used to access all your other systems. In this situation what is convenient for you will also be convenient for the person who is not meant to have your password.

Have 2 or 3 passwords that you use interchangeably between systems. Sometimes you may be prompted to change your password. In this case simply use the next one in your repertoire.

Some IT systems will force you to use a strong password. This typically means that it would take many years for a computer to crack. Mixing numbers into your password makes it impossible to guess with a dictionary attack. A dictionary attack is when a system tries every word in the dictionary to see if it matches your password.

For example, let’s use a base password of delilah. Using the name of a family member makes a password easier to hack; however, it is very convenient. With a few simple substitutions it can be kept convenient but made much harder to crack. Replace the e with a 3 and the i with a 1 and you get d3l1lah.

Let’s go one step further, shall we? A complex password is one with at least 8 characters, upper and lowercase, digits and punctuation.

We can add the numbers 01 on the end to increase the length past 8 characters, use a capital D and H, and use an exclamation mark instead of one of the ls: D3!1laH01
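The following is an added example, not part of the original page: a password check that applies the complexity rule above and also reports whether a password still reduces to a dictionary word once common substitutions and an appended number are undone. The word list and the substitution map are constructed assumptions; a real check would use a full dictionary and a list of known-breached passwords.

```python
import string

# Constructed sample word list (assumption); stands in for a full dictionary.
WORDS = {"delilah", "password", "admin", "default"}

# Assumed map of common substitutions back to letters.
# "1" and "!" are ambiguous (i or l), so each maps to both candidates.
SUBS = {"3": "e", "1": "il", "!": "il", "0": "o", "@": "a", "$": "s", "5": "s"}


def meets_complexity(pw):
    """The page's rule: 8+ characters, upper, lower, digit and punctuation."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def candidates(pw):
    """Every lower-case reading of pw with the substitutions undone."""
    results = [""]
    for ch in pw.lower():
        options = SUBS.get(ch, ch)  # unmapped characters stay as they are
        results = [r + o for r in results for o in options]
    return results


def dictionary_base(pw):
    """Return the dictionary word pw is built on, or None if there is none."""
    # Try the password as typed, then with a trailing number such as "01" removed.
    for core in (pw, pw.rstrip(string.digits)):
        for cand in candidates(core):
            if cand in WORDS:
                return cand
    return None


def assess(pw):
    """Report both checks so a policy can require complex and base_word None."""
    return {"complex": meets_complexity(pw), "base_word": dictionary_base(pw)}


if __name__ == "__main__":
    for sample in ("delilah", "d3l1lah", "D3!1laH01", "kT7#vQ2!mZ"):
        print(sample, assess(sample))
```

A password policy built on this would accept a password only when `complex` is true and `base_word` is `None`.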

Wireless Networks

A wireless network in a small office brings convenience for portable devices like laptops, tablets and smartphones. At the same time it can loosen your security if not implemented correctly.

Ensure your wireless network is only accessible via a strong encryption key/password. See the previous section on how to set a strong password. Most modern wireless access points are configured with WPA/WPA2. This is fine for most businesses, but please check with your IT provider about what is best suited to your situation.

Secondly, make sure you document this password in a safe central register. We supply one in our accreditation packs but you can download it from here as well.

Default Credentials On Network Devices

A typical network consists of at least a modem, router, and wireless access point. In some cases they may all be in the one unit. Each of these devices will come from the factory with a default username and password so you (or your IT Service Provider) can configure it to suit your needs.

While it is convenient to leave these credentials as they are, doing so increases the likelihood of unauthorised access to parts of your network.

Typical username/password combinations from the factory are admin/admin, admin/password, default/password.

Ensure that at least the administrative passwords on these devices are changed and then documented on a secure central register.

Taking Data Offsite

Do you take backup copies of your data home? Does any team member take data to another location? What happens if that drive is stolen or misplaced? If it ends up in the hands of someone unscrupulous, could that person simply plug that drive into their computer and access your files?

If you do have a need to transport data from your office on a removable drive like a USB stick/drive, then you must consider encrypting the files or the entire drive itself. This will prevent accidental unauthorised access to your data.

Remote Access

In a small office environment your network perimeter firewall would typically be built into your modem or router. By default these devices will safely block any unauthorised external access into your network. Over time you (or your ICT Service Provider) may need to open a port to let specific traffic into your network, such as VPN or Remote Desktop, or you may even run a web server.

What happens when these services are no longer needed? Have those ‘holes’ (ports) in your firewall been closed again? A great tool that’s been around for a very long time is Shields Up by GRC. It’s not for the fainthearted, so best get a professional to help you out here.

Software Firewalls

Inside the confines of your network you are typically protected by a hardware firewall built in to your modem or router. When you leave work with a laptop it needs to be able to defend itself. Discuss options with your ICT Service Provider regarding software firewalls. Windows has a built-in firewall which will suffice for most micro/small businesses.